Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/deaad8-3113-4512-a9ce-358243c551a2/1/HrUWwjLaIvz32L4D4yEP41y7k9k.roa
File:                     HrUWwjLaIvz32L4D4yEP41y7k9k.roa (raw, json)
Hash identifier:          mjb/KGnwpgbTT+oD8LY9FGBEj7Ro1mY/Dd5z8NA8K9c=
Subject key identifier:   1E:B5:16:C2:32:DA:22:FC:F7:D8:BE:03:E3:21:0F:E3:5C:BB:93:D9
Certificate issuer:       /CN=d2cdd5f162a267800003cf30c18e9cebce274ec5
Certificate serial:       018CC94D6504A1177918C4EACCCD434CB433
Authority key identifier: D2:CD:D5:F1:62:A2:67:80:00:03:CF:30:C1:8E:9C:EB:CE:27:4E:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0s3V8WKiZ4AAA88wwY6c684nTsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/deaad8-3113-4512-a9ce-358243c551a2/1/HrUWwjLaIvz32L4D4yEP41y7k9k.roa
Signing time:             Tue 02 Jan 2024 08:32:21 +0000
ROA not before:           Tue 02 Jan 2024 08:32:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60631
IP address blocks:        185.252.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/deaad8-3113-4512-a9ce-358243c551a2/1/0s3V8WKiZ4AAA88wwY6c684nTsU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/deaad8-3113-4512-a9ce-358243c551a2/1/0s3V8WKiZ4AAA88wwY6c684nTsU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0s3V8WKiZ4AAA88wwY6c684nTsU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:65:04:a1:17:79:18:c4:ea:cc:cd:43:4c:b4:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2cdd5f162a267800003cf30c18e9cebce274ec5
        Validity
            Not Before: Jan  2 08:32:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1eb516c232da22fcf7d8be03e3210fe35cbb93d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:45:a5:56:dc:cb:05:5d:30:5d:f6:33:14:c1:
                    2c:39:a1:dd:80:85:5a:05:a5:97:7e:69:33:0d:58:
                    61:52:7b:cb:31:a7:97:df:a5:90:7b:16:ef:cc:aa:
                    21:54:74:f0:4f:86:47:90:2e:c6:f5:a2:c6:f8:1f:
                    73:43:73:93:0c:be:9e:7a:fe:d2:67:e5:ae:20:8e:
                    76:b4:98:ad:82:89:4a:59:d4:a9:0f:ee:be:e8:60:
                    1c:e5:9b:80:89:4b:df:4a:b7:5b:24:24:cf:bc:e2:
                    d2:d6:65:f2:5e:0e:70:a5:12:7f:e6:51:70:63:91:
                    4b:69:47:0c:38:73:86:1e:85:8d:c9:7e:35:bd:4f:
                    13:a5:17:ce:51:0f:fd:d8:7c:fa:0c:4f:08:8e:4f:
                    3f:53:c1:af:b9:32:d6:2e:fa:59:d4:5d:d9:6d:db:
                    bc:66:d7:5e:55:b0:3d:fd:c7:68:36:ef:33:4e:6c:
                    ab:d4:ca:a0:2c:ec:99:cd:03:53:1a:b0:e6:45:c8:
                    50:1d:62:8f:5b:60:11:52:ce:1d:19:e0:82:e3:53:
                    cd:03:83:37:76:c4:b0:31:61:1b:65:6d:b8:21:25:
                    40:5e:1c:de:f1:ac:4d:03:cb:2f:76:a2:4f:5d:8b:
                    61:68:c6:4a:92:9b:19:65:fe:d0:f2:62:04:4e:dd:
                    61:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:B5:16:C2:32:DA:22:FC:F7:D8:BE:03:E3:21:0F:E3:5C:BB:93:D9
            X509v3 Authority Key Identifier:
                keyid:D2:CD:D5:F1:62:A2:67:80:00:03:CF:30:C1:8E:9C:EB:CE:27:4E:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0s3V8WKiZ4AAA88wwY6c684nTsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/deaad8-3113-4512-a9ce-358243c551a2/1/HrUWwjLaIvz32L4D4yEP41y7k9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/deaad8-3113-4512-a9ce-358243c551a2/1/0s3V8WKiZ4AAA88wwY6c684nTsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:df:43:35:3e:34:9d:95:c3:34:04:77:a2:75:66:cc:f9:1b:
         ee:de:2f:14:e4:0a:8e:a5:7a:b3:18:0e:88:76:7b:24:7e:a8:
         fc:c3:1d:80:c3:a3:56:ad:b5:cc:b3:45:a8:b2:5c:3d:f4:73:
         14:4a:fd:33:4e:d2:27:ae:55:f5:6d:aa:1c:bd:17:ab:ae:8e:
         63:b1:75:da:f9:15:dd:cb:46:f3:df:b3:25:7e:22:de:6d:a8:
         cc:e5:11:11:de:66:55:3a:ad:e1:ab:5c:59:04:d8:71:19:f4:
         52:7a:63:be:79:41:fc:cf:a4:f5:19:16:eb:24:cf:79:89:21:
         46:bd:f9:16:12:7c:81:3f:af:8c:fa:b0:23:87:b2:4e:67:06:
         02:8a:6b:c7:9d:d4:6b:f6:80:4d:a2:3b:c3:ea:36:e7:54:65:
         70:e3:1c:c7:1c:2a:03:8b:59:d8:fa:16:61:50:cc:d0:db:ba:
         19:dc:f8:7c:da:aa:88:a0:46:88:9e:97:c2:14:e0:0f:63:c5:
         e0:d2:4e:79:4b:57:ad:5e:4d:38:48:70:14:29:a6:10:78:13:
         9c:91:93:68:d9:41:51:36:69:8c:ca:75:db:38:f7:a1:ea:e2:
         96:ff:b5:35:ff:06:53:dd:1d:49:2f:c9:3b:29:50:0d:c6:99:
         2c:ae:6f:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTWUEoRd5GMTqzM1DTLQzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyY2RkNWYxNjJhMjY3ODAwMDAzY2YzMGMxOGU5Y2ViY2Uy
NzRlYzUwHhcNMjQwMTAyMDgzMjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWI1MTZjMjMyZGEyMmZjZjdkOGJlMDNlMzIxMGZlMzVjYmI5M2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkWlVtzLBV0wXfYzFMEsOaHdgIVa
BaWXfmkzDVhhUnvLMaeX36WQexbvzKohVHTwT4ZHkC7G9aLG+B9zQ3OTDL6eev7S
Z+WuII52tJitgolKWdSpD+6+6GAc5ZuAiUvfSrdbJCTPvOLS1mXyXg5wpRJ/5lFw
Y5FLaUcMOHOGHoWNyX41vU8TpRfOUQ/92Hz6DE8Ijk8/U8GvuTLWLvpZ1F3Zbdu8
ZtdeVbA9/cdoNu8zTmyr1MqgLOyZzQNTGrDmRchQHWKPW2ARUs4dGeCC41PNA4M3
dsSwMWEbZW24ISVAXhze8axNA8svdqJPXYthaMZKkpsZZf7Q8mIETt1hPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB61FsIy2iL899i+A+MhD+Ncu5PZMB8GA1UdIwQY
MBaAFNLN1fFiomeAAAPPMMGOnOvOJ07FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHMzVjhXS2laNEFBQTg4d3dZNmM2ODRuVHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9kZWFhZDgtMzExMy00NTEyLWE5Y2Ut
MzU4MjQzYzU1MWEyLzEvSHJVV3dqTGFJdnozMkw0RDR5RVA0MXk3azlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9kZWFhZDgtMzExMy00NTEyLWE5Y2UtMzU4MjQzYzU1MWEy
LzEvMHMzVjhXS2laNEFBQTg4d3dZNmM2ODRuVHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufxWMA0G
CSqGSIb3DQEBCwUAA4IBAQAO30M1PjSdlcM0BHeidWbM+Rvu3i8U5AqOpXqzGA6I
dnskfqj8wx2Aw6NWrbXMs0Woslw99HMUSv0zTtInrlX1baocvRerro5jsXXa+RXd
y0bz37MlfiLebajM5RER3mZVOq3hq1xZBNhxGfRSemO+eUH8z6T1GRbrJM95iSFG
vfkWEnyBP6+M+rAjh7JOZwYCimvHndRr9oBNojvD6jbnVGVw4xzHHCoDi1nY+hZh
UMzQ27oZ3Ph82qqIoEaInpfCFOAPY8Xg0k55S1etXk04SHAUKaYQeBOckZNo2UFR
NmmMynXbOPeh6uKW/7U1/wZT3R1JL8k7KVANxpksrm9Y
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:06:18 2024 by rpki-client on console-ams.rpki-client.org